Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

First Published: May 2, 2005

Last Updated: November 27, 2009

PPP over Ethernet (PPPoE) profiles contain configuration information for a group of PPPoE sessions. Multiple PPPoE profiles can be defined for a device, allowing different virtual templates and other PPPoE configuration parameters to be assigned to different PPP interfaces, VLANs, and ATM permanent virtual circuits (PVCs) that are used in supporting broadband access aggregation of PPPoE sessions.

Note This module describes the method to configure PPPoE sessions using profiles. If you have configured your PPPoE sessions using a release of Cisco IOS software earlier than Cisco IOS Release 12.4, see the documentation that corresponds to that release. Although the configuration methods used in Cisco IOS software releases prior to Release 12.4 are supported in Release 12.4, it is recommended that you use the configuration methods described in this module for new configurations and when upgrading to Cisco IOS Release 12.4.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

Restrictions for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

PPPoE profiles separate the configuration of PPPoE from the configuration of virtual private dialup networks (VPDNs). The legacy method of configuring PPPoE in VPDN groups is permitted, but you cannot configure PPPoE profiles and PPPoE in VPDN groups simultaneously.

Note VPDN is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.

If a PPPoE profile is assigned to a PPPoE port (Ethernet, interface, VLAN, or virtual circuit (VC) class), or ATM range and the profile has not yet been defined, the following restrictions are applicable:

•The port, VC class, or range does not have any PPPoE parameters configured.

•The port, VC class, or range does not use parameters from the global group.

Only PPPoE over 802.1Q VLAN support can be configured without using subinterfaces on the PPPoE server.

ATM support for PPPoE over 802.1Q VLANs can be configured only on the PPPoE server. Individual VLANs that are configured on subinterfaces can be shut down. Individual VLANs that are configured on the main interface cannot be shut down.

A VLAN range can be configured on a main interface at the same time that VLANs outside the range are configured on subinterfaces of the same main interface. However, you cannot configure a specific VLAN on the main interface and on a subinterface at the same time.

Note Cisco IOS Release 12.2(33)SRC does not support VCs or ATMs.

Information About Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions

To provide protocol support for broadband access aggregation for PPPoE sessions, you should understand concepts described in the following sections:

PPPoE Specification Definition

PPPoE is a specification that defines how a host PC interacts with a common broadband medium (for example, a digital subscriber line (DSL), wireless modem or cable modem) to achieve access to a high-speed data network. Relying on two widely accepted standards, Ethernet and PPP, the PPPoE implementation allows users over the Ethernet to share a connection. The Ethernet principles supporting multiple users in a LAN, combined with the principles of PPP, which apply to serial connections, support this connection.

The base protocol is defined in RFC 2516.

Benefits of PPPoE Profiles

Before the introduction of the use of PPPoE profiles, PPPoE parameters were configured within a VPDN group. Configuring PPPoE in a VPDN group limited PPPoE configuration options because only one PPPoE VPDN group with one virtual template was permitted on a device. The PPPoE Profiles feature provides simplicity and flexibility in PPPoE configuration by separating PPPoE from VPDN configuration. The PPPoE Profiles feature allows multiple PPPoE profiles, each with a different configuration, to be used on a single device.

Note VPDN is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.

Note This module describes the method for configuring PPPoE sessions using profiles. If you have configured your PPPoE sessions using a release of Cisco IOS software earlier than Cisco IOS Release 12.4, see the documentation that corresponds to that release. Although the configuration methods used in Cisco IOS software releases prior to Release 12.4 are supported in Release 12.4, it is recommended that you use the configuration methods described in the "Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions" module for new configurations and when upgrading to Cisco IOS Release 12.4.

PPPoE Connection Throttling

Repeated requests to initiate PPPoE sessions can adversely affect the performance of a router and RADIUS server. The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or VC during a specified period of time.

PPPoE Profile Assignment to a VLAN Without Subinterfaces

Use PPPoE profile assignment to a VLAN without subinterfaces to improve PPPoE over IEEE 802.Q VLAN functionality in the following two ways:

•It removes the requirement for each PPPoE VLAN to be created on a subinterface. Removal of this requirement increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.

Note ATM is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.

To configure PPPoE over 802.1Q VLAN support on an interface rather than a subinterface, and to configure ATM support for PPPoE over 802.1Q VLANs, you should understand the concepts described in the following sections:

PPPoE over VLAN Configuration Without Using Subinterfaces

PPPoE profile assignment to a VLAN without subinterfaces removes the requirement for each PPPoE VLAN to be created on a subinterface. Allowing more than one PPPoE VLAN to be configured on a main interface increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.

Individual VLANs or a range of VLANs can be configured on an interface. You can configure a VLAN range on a main interface and at the same time configure VLANs outside the range on subinterfaces of the same interface.

PPPoE over VLAN Support on ATMs

PPPoE profile assignment to a VLAN without subinterfaces enables ATMs to process PPPoE over VLAN packets that use bridged RFC 1483 encapsulation. This capability allows PPPoE traffic from different 802.1Q VLANs to be multiplexed over the same ATM.

Figure 1 shows a sample network topology that implements PPPoE over VLAN on ATM. In this topology, a service provider is using an Ethernet switch to provide Ethernet service to home users and a single multiplexer to provide the switch with WAN access. The home users use PPPoE to access services on the network access server (NAS). Each port on the switch is assigned a separate VLAN, and the VLANs are trunked over a Fast Ethernet or Gigabit Ethernet interface that is connected to a DSL modem acting as a bridge.

The 802.1Q VLAN-encapsulated traffic coming in from the Ethernet switch trunk is encapsulated in RFC 1483 bridged encapsulation by the DSL modem and sent across the ATM WAN to the NAS. The NAS, which is configured to support PPPoE over VLAN over ATM, will extract the PPPoE packet from the PPPoE over 802.1Q VLAN over RFC 1483 bridged encapsulation and provide PPPoE services to the user.

In the downlink, the NAS sends packets in PPPoE over 802.1Q VLAN over RFC 1483 bridged encapsulation. The DSL modem strips off the RFC 1483 encapsulation and forwards the 802.1Q VLAN packets across the trunk to the switch. The switch then sends the Ethernet packets to the port associated with the 802.1 VLAN ID.

Figure 1 Sample Network Topology for PPPoE over 802.1Q VLAN over ATM

Benefits of PPPoE over VLAN Scaling and ATM Support for PPPoE over VLANs

PPPoE over VLAN scaling and ATM support for PPPoE over VLANs has the following benefits:

•Increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface by removing the requirement for each PPPoE VLAN to be configured on a subinterface.

•Provides support for PPPoE over VLAN over ATM interfaces using RFC 1483 bridged encapsulation.

Autosense for ATMs

The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over ATM (PPPoA) and PPPoE and to create virtual access based on demand for both PPP types.

Note The Preauthentication with ISDN PRI and Channel-Associated Signalling feature is supported on Subnetwork Access Protocol (SNAP)-encapsulated ATMs only. It is not supported on multiplexer (MUX)-encapsulated.

Benefits of Autosense for ATMs

Autosense for ATMs provides resource allocation on demand. For each autosense configured for both PPPoA and PPPoE, certain resources (including one virtual-access interface) are allocated upon configuration, regardless of the existence of a PPPoA or PPPoE session on that resource. The autosense for ATMs resources are allocated for PPPoA and PPPoE sessions only when a client initiates a session,thus reducing overhead on the NAS.

MAC Address for PPPoEoA

Any change in the usage of MAC addresses will not happen unless it is explicitly configured. This will prevent you from experiencing unexpected behavior resulting from a system change.

Except for using a different MAC address, this feature does not change the way PPPoE works. This change is limited to ATM interfaces only—specifically, PPPoEoA—and will not be applied to other interfaces where PPPoE is operated such as Ethernet, Ethernet VLAN, and Data-over-Cable Service Interface Specifications (DOCSIS). Changing the PPPoE MAC address on those interfaces, which are broadcast in nature, requires placing the interface in promiscuous mode, thereby affecting the performance of the router because the router software has to receive all Ethernet frames and then discard unneeded frames in the software driver.

This feature is disabled by default and applies to all PPPoE sessions on an ATM interface configured in a BBA group.

When PPPoE and RBE are configured on two separate ATMs on the same DSL, the customer premises equipment (CPE) acts like a pure bridge, bridging from Ethernet to the two ATMs on the DSL. Becausethe CPE acts as a bridge, and because the aggregation router uses the same MAC address for both PPPoE and RBE, the CPE will not be able to bridge packets to the correct MAC address. The solution is to have a different MAC address for PPPoE only. The MAC address can be either configured or selected automatically.

The MAC address of the PPPoEoA session is either the value configured on the ATM interface using the mac-address command or the burned-in MAC address if a MAC address is not already configured on the ATM interface. This functionality is effective only when neither autoselect nor a MAC address is specified on a BBA group.

If the MAC address is specified on a BBA group, all PPPoEoA sessions use the MAC address specified on the BBA group, which is applied on the VC.

If the MAC address is selected automatically, 7 is added to the MAC address of the ATM interface.

Benefits of the Configurable MAC Address for PPPoE Feature

Because the Cisco IOS aggregation routers use the interface MAC address as the source MAC address for all broadband aggregation protocols on that interface, this feature solves problems that may occur when both RBE and PPPoE are deployed on the same ATM interface.

How to Provide Protocol Support for Broadband Access Aggregation of PPPoE Sessions

To provide protocol support for broadband access aggregation by assigning a profile, you must define the profile. The profile definition is required as described in the "Defining a PPPoE Profile" section, and an additional task makes an assignment of the profile to a protocol type.

•The global keyword creates a profile that serves as the default profile for any PPPoE port that is not assigned a specific profile.

Step 4

virtual-templatetemplate-number

Example:

Router(config-bba-group)# virtual-template 1

Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.

Step 5

sessions max limitnumber-of-sessions
[thresholdthreshold-value]

Example:

Router(config-bba-group)# sessions max limit
8000

Configures the PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router and sets the PPPoE session-count threshold at which a Simple Network Management Protocol (SNMP) trap will be generated.

Note This command applies only to the global profile.

Step 6

sessions per-mac limit per-mac-limit

Example:

Router(config-bba-group)# sessions per-mac
limit 2

Sets the maximum number of PPPoE sessions permitted per MAC address in a PPPoE profile.

Step 7

sessions per-vlan limitper-vlan-limit [inner
vlan-id]

Example:

Router(config-bba-group)# session per-vlan
limit 4000 inner 3500

Sets the maximum number of PPPoE sessions permitted per VLAN in a PPPoE profile.

Step 8

sessions per-vc limitper-vc-limit [thresholdthreshold-value]

Example:

Router(config-bba-group)# sessions per-vc limit
threshold 8

Sets the maximum number of PPPoE sessions permitted on a VC in a PPPoE profile, and sets the PPPoE session-count threshold at which an SNMP trap will be generated.

The PPPoE over Ethernet interface (PPPoEoE) enables the Cisco 7600 series router with a Cisco 7600 SIP-400 to tunnel and terminate Ethernet PPP sessions over Ethernet links. The PPPoE over IEEE 802.1Q VLANs feature enables the router to tunnel and terminate Ethernet PPP sessions across VLAN links. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device. The packets on the 802.1Q link contain a standard Ethernet frame and the VLAN information associated with that frame.

Configuring a Virtual Template Interface

Configure a virtual template interface before you configure PPPoE on an Ethernet interface. The virtual template interface is a logical entity that is applied dynamically as needed to an incoming PPP session request. Perform this task to create and configure a virtual template interface:

Prevents a PPP session from being set up without a valid address being negotiated.

This command is required for legacy dialup and DSL networks.

Step 8

end

Example:

Router(config-if)# end

Exits interface configuration mode.

Examples

The following example shows the configuration of a virtual template interface:

Router(config)# interface virtual-template 1

Router(config)# ip unnumbered21 Loopback1

Router(config-if)# no peer default ip address

Router(config-if)# ppp authentication chap

Router(config-if)# ppp authorization

Router(config-if)# ppp accounting

Monitoring Virtual Access Interface

When a virtual template interface is applied dynamically to an incoming user session, a virtual access interface (VAI) is created. You cannot use the command-line to directly create or configure a VAI. Perform this task to monitor the VAI and free the memory for other dial-in uses.

SUMMARY STEPS

1. enable

2. show interfaces virtual-accessnumber [configuration]

3. clear interface virtual-accessnumber

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

show interfaces virtual-access number[configuration]

Example:

Router# show interfaces virtual-access 3

Displays the status, traffic data, and configuration information about a specified active VAI that was created using a virtual template interface.

Enables PPPoE and allows PPPoE sessions to be created through that interface.

Step 5

end

Example:

Router(config-if)# end

Exits interface configuration mode.

Configuring a BBA Group to Establish PPPoE Sessions

Note Cisco IOS Release 12.2(33)SRC does not support the configuration of broadband aggregation (BBA) groups using RADIUS. You must configure BBA groups manually.

Perform this task to configure a BBA group to establish PPPoE sessions and link it to the appropriate virtual template interface.

SUMMARY STEPS

1. enable

2. configure terminal

3. bba-group pppoename

4. virtual-template template-number

5. sessions per-mac limitper-mac-limit

6. sessions max limit number-of-sessions [thresholdthreshold-value]

7. sessions per-vc limit per-vc-limit [thresholdthreshold-value]

8. exit

9. interfacetype-number

10. encapsulation dot1qvlan-id

11. protocol pppoe groupgroup-name

12. end

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

bba-group pppoe name

Example:

Router(config)# bba-group pppoe name

Configures a BBA group to be used to establish PPPoE sessions and enters BBA group configuration mode..

The name identifies the BBA group. You can have multiple BBA groups.

Step 4

virtual-templatetemplate-number

Example:

Router(config-bba-group)# virtual-template 1

Specifies the virtual template interface to use to clone virtual access interfaces (VAIs).

Step 5

sessions per-mac limitper-mac-limit

Example:

Router(config-bba-group)# sessions per-mac
limit 100

(optional) Specifies the maximum number of sessions per MAC address for each PPPoE port that uses the group.

Step 6

sessions max limitnumber-of-sessions
[threshold threshold-value

Example:

Router(config-bba-group)# sessions max limit
32000

Configures the PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router, and sets the PPPoE session-count threshold at which a Simple Network Management Protocol (SNMP) trap will be generated.

This command applies only to the global profile.

Step 7

sessions per-vc limitper-vc-limit [threshold
threshold-value]

Example:

Router(config-bba-group)# sessions per-vc limit
2000

(Optional) Sets the maximum number of PPPoE sessions allowed per VC session limit in a PPPoE profile.

Step 8

exit

Example:

Router(config-bba)# exit

Returns to global configuration mode.

Step 9

interfacetype number

Example:

Router(config)# interface atm 2/0

Specifies the interface to which you want to attach the BBA group and enters interface configuration mode.

Enables IEEE 802.1Q encapsulation on traffic on a specifiedsubinterface in a VLAN.

•Specify the VLAN identifier.

Step 11

protocol pppoe groupgroup-name

Example:

Router(config-if)#protocol pppoe group
group-name

Attaches the BBA group to the VLAN.

Step 12

end

Example:

Router(config-if)# end

Exits interface configuration mode.

Configuring PPPoE over 802.1Q VLANs on a Cisco 7600 Router With a SIP-400

PPPoE over IEEE 802.1Q VLANs enables the Cisco 7600 series router with a SIP-400 to support PPPoE over IEEE802.1Q encapsulated VLAN interfaces. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable router with another VLAN-capable networking device. The packets on the 802.1Q link contain a standard Ethernet frame and the VLAN information associated with that frame. Perform the following tasks to configure PPPoE on a Cisco 7600 router with a SIP-400:

Enables IEEE802.1Q encapsulation on a specified subinterface in VLANs.

Step 5

exit

Example:

Router(config-subif)# exit

Exits subinterface configuration mode.

Step 6

bba-group pppoe {bba-group-name | global}

Example:

Router(config)# bba-group pppoe group1

Enters BBA group configuration mode.

Step 7

pppoe enable pppoe enable [group group-name]

Example:

Router(config-bba)# pppoe enable group1

Enables PPPoE and allows PPPoE sessions to be created through the specified subinterface.

Step 8

pppoe max-sessionsnumber

Example:

Router(config-bba)# pppoe max-sessions 23

Specifies the maximum number of PPPoE sessions that can be terminated on this router from all interfaces.

Step 9

end

Example:

Router(config-bba)# end

Exits BBA group configuration mode.

Verifying PPPoE over Ethernet

Perform this task to verify PPPoEoE.

SUMMARY STEPS

1. enable

2. show pppoe session all

3. show pppoe session packets

4. show pppoe summary

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

show pppoe session all

Example:

Router# show pppoe session all

Displays PPPoE session information for each session ID.

Step 3

show pppoe session packets

Example:

Router# show pppoe session packets

Displays PPPoE session statistics.

Step 4

show pppoe summary

Example:

Router# show pppoe summary

Displays a summary of PPPoE session information.

Clearing PPPoE Sessions

Perform this task to clear the PPPoE sessions.

SUMMARY STEPS

1. enable

2. clear pppoe all

3. clear pppoe {interfacetype number [vc {[vpi/]vci | vc-name}]

4. clear pppoe rmac mac-address [sidsession-id]

5. clear pppoe interfacetype number[vlan vlan -number]

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

clear pppoe all

Example:

Router# clear pppoe all

Clears all PPPoE sessions.

Step 3

clear pppoe {interface type number [vc
{[vpi/]vci | vc-name}]

Example:

Router# clear pppoe interface

Clears all PPPoE sessions on a physical interface or subinterface.

Step 4

clear pppoe rmac mac-address [sidsession-id]

Example:

Router# clear pppoe rmac sid

Clears PPPoE sessions from a client host MAC address.

Step 5

clear pppoe interfacetype number [vlanvlan-
number]

Example:

Router# clear pppoe interface ATM 2/0 vlan 200

Clears sessions from a specific VLAN.

Enabling PPPoE over IEEE 802.1Q VLAN

Perform this task to enable PPPoE over IEEE 802.1Q VLAN support on a main Ethernet interface.

The PPPoE over VLAN Enhancements: Configuration Limit Removal and ATM Support feature removes the requirement for each PPPoE VLAN to be created on a subinterface. Allowing more than one PPPoE VLAN to be configured on a main interface increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.

Individual VLANs or a range of VLANs can be configured on an interface. You can configure a VLAN range on a main interface and at the same time configure VLANs outside the range on subinterfaces of the same interface.

SUMMARY STEPS

1. enable

2. configureterminal

3. interfacetypenumber

4. vlan-id dot1qvlan-id

or

vlan-range dot1qstart-vlan-id end-vlan-id

5. pppoe enable [groupgroup-name]

6. end

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configureterminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

interfacetypenumber

Example:

Router(config)# interface fastethernet 0/2

Specifies the interface to be configured and enters interface configuration mode.

Enables IEEE 802.1Q VLAN encapsulation for a range of VLANs on an Ethernet interface and enters VLAN range configuration mode.

Step 5

pppoe enable [groupgroup-name]

Example:

Router(config-if-vlan-range)# pppoe enable
group pppoe1

Enables PPPoE sessions over a specific VLAN or a range of VLANs.

Step 6

end

Example:

Router(config-if-vlan-range)# end

Exits VLAN range configuration mode.

Enabling an ATM to Support Encapsulated PPPoE over IEEE 802.1Q VLAN

Perform the following task to enable an ATM to support encapsulated PPPoE over IEEE 802.1Q VLAN traffic. The PPPoE over VLAN Enhancements: Configuration Limit Removal and ATM Support feature enables ATMs to process PPPoE over VLAN packets that use bridged RFC 1483 encapsulation. This capability allows PPPoE traffic from different 802.1Q VLANs to be multiplexed over the same ATM.

Enables support for PPPoE for a specific IEEE 802.1Q VLAN or a range of VLANs in a VC class.

Note A VC class can be applied to an ATM interface, subinterface, or range of ATMs.

Configuring MAC Addresses for PPPoEoA

You can configure the MAC address on ATMs in a BBA group to use a different MAC address for PPP over Ethernet over ATM (PPPoEoA).

Perform this task to configure different MAC addresses on PPPoEoA and enable the aggregation router to bridge packets from Ethernet to the appropriate MAC addresses..

Prerequisites for Configurable MAC Address for PPPoE

A BBA group profile should already exist. The BBA groupcommands are used to configure broadband access on aggregation and client devices that use PPPoA, PPPoE, and Routed Bridge Encapsulation (RBE).

SUMMARY STEPS

1. enable

2. configureterminal

3. bba-group pppoe {bba-group-name | global}

4. mac-address{autoselect | mac-address}

5. exit

6. show pppoe session

7. end

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configureterminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

bba-group pppoe {bba-group-name | global}

Example:

Router(config)# bba-group pppoe group1

Enters BBA group configuration mode.

Step 4

mac-address {autoselect | mac-address}

Example:

Router(config-bba-group)# mac-address
autoselect

Selects the MAC address.

•autoselect—Automatically selects the MAC address based on the ATM interface address, plus 7.

•mac-address—Standardized data link layer address having a 48-bit MAC address. Also known as a hardware address, MAC layer address, and physical address. All PPPoEoA sessions use the MAC address specified on the BBA group, which are applied on the VC.

Step 5

exit

Example:

Router(config-bba-group)# exit

Exits BBA group configuration mode.

Step 6

show pppoe session

Example:

Router# show pppoe session

Displays the MAC address as the local MAC (LocMac) address on the last line of the display.

Step 7

end

Example:

Router# end

Exits privileged EXEC mode.

Examples

The following example shows the display of the MAC address as LocMac:

Router# show pppoe session

1 session in LOCALLY_TERMINATED (PTA) State

1 session total

Uniq ID PPPoE RemMAC Port VT VA

State

SID LocMAC VA-st

3 3 000b.fdc9.0001 ATM3/0.1 1 Vi2.1

PTA

0008.7c55.a054 VC: 1/50 UP

LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).

Configuring PPPoE Session Recovery After Reload

Perform this task to configure the aggregation device to send PPPoE active discovery terminate (PADT) packets to the CPE device upon receipt of PPPoE packets on "half-active" PPPoE sessions (a PPPoE session that is active on the CPE end only).

If the PPP keepalive mechanism is disabled on a CPE device, a PPPoE session will pause indefinitely after an aggregation device reload. The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

The PPPoE protocol relies on the PPP keepalive mechanism to detect link or peer device failures. If PPP detects a failure, it terminates the PPPoE session. If the PPP keepalive mechanism is disabled on a CPE device, the CPE device has no way to detect link or peer device failures over PPPoE connections. When an aggregation router that serves as the PPPoE session endpoint reloads, the CPE device will not detect the connection failure and will continue to send traffic to the aggregation device. The aggregation device will drop the traffic for the failed PPPoE session.

The sessions auto cleanup command enables an aggregation device to attempt to recover PPPoE sessions that existed before a reload. When the aggregation device detects a PPPoE packet for a half-active PPPoE session, the device notifies the CPE of the PPPoE session failure by sending a PPPoE PADT packet. The CPE device is expected to respond to the PADT packet by taking failure recovery action.

SUMMARY STEPS

1. enable

2. configureterminal

3. bba-group pppoe {group-name | global}

4. virtual-templatetemplate-number

5. sessions auto cleanup

6. end

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configureterminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

bba-group pppoe {group-name | global}

Example:

Router(config)# bba-group pppoe global

Defines a PPPoE profile and enters BBA group configuration mode.

•The global keyword creates a profile that will serve as the default profile for any PPPoE port that is not assigned a specific profile.

Step 4

virtual-templatetemplate-number

Example:

Router(config-bba-group)# virtual-template 1

Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.

Step 5

sessions auto cleanup

Example:

Router(config-bba-group)# sessions auto cleanup

Configures an aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

PPPoE Profiles Configuration: Example

The following example shows how to configure the three PPPoE profiles: vpn1, vpn2, and a global PPPoE profile. The profiles vpn1 and vpn2 are assigned to VC classes, VLANs, and ranges. Any Ethernet interface, VLAN, range, or VC class that is configured for PPPoE but is not assigned either profile vpn1 or vpn (such as VC class class-pppoe-global) will use the global profile.

Note The order in which the commands are configured can be changed.

vpdn enable

!

vpdn-group 1

request-dialin

protocol l2tp

domain vpn1

initiate-to ip 209.165.200.225 priority 1

local name NAS1-1

!

vpdn-group 2

request-dialin

protocol l2tp

domain vpn2

initiate-to ip 209.165.201.1 priority 1

local name NAS1-2

!

virtual-template 1 pre-clone 20

virtual-template 2 pre-clone 20

!

bba-group pppoe global

virtual-template 1

sessions max limit 8000

sessions per-mac limit 2

sessions per-vc limit 8

!

bba-group pppoe vpn1

virtual-template 1

sessions per-vc limit 2

sessions per-mac limit 1

!

bba-group pppoe vpn2

virtual-template 2

sessions per-mac limit 1

sessions per-vc limit 2

!

vc-class atm class-pppoe-global

protocol pppoe

!

vc-class atm class-pppox-auto

encapsulation aal5autoppp virtual-template 1 group vpn1

!

vc-class atm class-pppoe-1

protocol pppoe group vpn1

!

vc-class atm class-pppoe-2

protocol pppoe group vpn2

!

interface Loopback 1

ip address 209.165.201.1 255.255.255.0

!

interface ATM 1/0.10 multipoint

range range-pppoe-1 100 109

protocol pppoe group vpn1

!

interface ATM 1/0.20 multipoint

class-int class-pppox-auto

0/200

encapsulation aal5autoppp virtual-template 1

!

0/201

!

0/202

encapsulation aal5autoppp virtual-template 1 group vpn2

!

0/203

class-vc class-pppoe-global

!

!

interface Ethernet 2/3.1

encapsulation dot1Q 1

pppoe enable group vpn1

!

interface Ethernet 2/3.2

encapsulation dot1Q 2

pppoe enable group vpn2

!

interface ATM 6/0.101 point-to-point

ip address 209.165.202.129 255.255.255.0

0/101

!

interface ATM 6/0.102 point-to-point

ip address 209.165.201.1 255.255.255.0

0/102

!

interface virtual-template 1

ip unnumbered loopback 1

no logging event link-status

no keepalive

peer default ip address pool pool-1

ppp authentication chap

!

interface virtual-template 2

ip unnumbered loopback 1

no logging event link-status

no keepalive

peer default ip address pool pool-2

ppp authentication chap

!

ip local pool pool-1 10.10.1.1 10.10.1.250

ip local pool pool-2 10.10.2.1 10.10.2.250

!

MAC Address of the PPPoEoA Session as the Burned-In MAC Address: Example

In the following example, neither address autoselect nor a MAC address is configured on the BBA group, and the MAC address is not configured on the ATM interface (the default condition). The show pppoe session command is used to confirm that the MAC address of the PPPoEoA session is the burned-in MAC address of the ATM interface.

bba-group pppoe one

virtual-template 1

interface ATM 3/0

no ip address

no ip route-cache

no atm ilmi-keepalive

!

interface ATM 3/0.1 multipoint

no ip route-cache

1/50

encapsulation aal5snap

protocol pppoe group one

!

Router# show pppoe session

1 session in LOCALLY_TERMINATED (PTA) State

1 session total

Uniq ID PPPoE RemMAC Port VT VA

State

SID LocMAC VA-st

3 3 000b.fdc9.0001 ATM3/0.1 1 Vi2.1

PTA

0008.7c55.a054 VC: 1/50 UP

LocMAC is burned in mac-address of ATM interface(0008.7c55.a054).

Address Autoselect Configured and MAC Address Not Configured: Example

The following example shows how to configure address autoselect in the BBA group. The MAC address is not configured on the ATM interface. The show pppoe session command displays the MAC address of the interface, plus 7.

bba-group pppoe one

virtual-template 1

mac-address autoselect

!

interface ATM 3/0

no ip address

no ip route-cache

no atm ilmi-keepalive

!

interface ATM 3/0.1 multipoint

no ip route-cache

1/50

encapsulation aal5snap

protocol pppoe group one

Router# show pppoe session

1 session in LOCALLY_TERMINATED (PTA) State

1 session total

Uniq ID PPPoE RemMAC Port VT VA

State

SID LocMAC VA-st

5 5 000b.fdc9.0001 ATM3/0.1 1 Vi2.1

PTA

0008.7c55.a05b VC: 1/50 UP

LocMAC = burned in mac-address of ATM interface + 7 (0008.7c55.a05b)

PPPoE over 802.1Q VLAN Support on an Ethernet Interface: Example

The following example shows how to configure PPPoE over a range of 802.1Q VLANs on FastEthernet interface 0/0. The VLAN range is configured on the main interface, and therefore each VLAN will not use up a separate subinterface.

bba-group pppoe PPPOE

virtual-template 1

sessions per-mac limit 1

interface virtual-template 1

ip address 209.165.201.1 255.255.255.0

mtu 1492

interface fastethernet 0/0

no ip address

no ip mroute-cache

duplex half

vlan-range dot1q 20 30

pppoe enable group PPPOE

exit-vlan-config

PPPoE over 802.1Q VLAN Support on ATMs: Example

The following example shows how to configure an ATM to support PPPoE over a range of 802.1Q VLANs:

bba-group pppoe PPPOEOA

virtual-template 1

sessions per-mac limit 1

interface virtual-template 1

ip address 209.165.202.129 255.255.255.0

mtu 1492

interface atm 4/0.10 multipoint

10/100

protocol pppovlan dot1q 0 50 group PPPOEOA

MAC Address Configured on the ATM Interface: Example

In the following example, neither autoselect nor the MAC address is configured on the BBA group, but the MAC address is configured on the ATM interface, as indicated by the report from the show pppoe session command:

bba-group pppoe one

virtual-template 1

interface ATM 3/0

mac-address 0001.0001.0001

no ip address

no ip route-cache

no atm ilmi-keepalive

!

interface ATM 3/0.1 multipoint

no ip route-cache

1/50

encapsulation aal5snap

protocol pppoe group one

!

Router# show pppoe session

1 session in LOCALLY_TERMINATED (PTA) State

1 session total

Uniq ID PPPoE RemMAC Port VT VA

State

SID LocMAC VA-st

7 7 000b.fdc9.0001 ATM3/0.1 1 Vi2.1

PTA

0001.0001.0001 VC: 1/50 UP

LocMAC = configured mac-address on atm interface(0001.0001.0001).

MAC Address Configured on the BBA Group: Example

The following example shows how to configure the MAC address on the BBA group. The display from the show pppoe session command indicates that all PPPoEoA sessions on the ATM interface associated with the BBA group use the same MAC address as specified on the BBA group.

bba-group pppoe one

virtual-template 1

mac-address 0002.0002.0002

interface ATM 3/0

mac-address 0001.0001.0001

no ip address

no ip route-cache

no atm ilmi-keepalive

!

interface ATM 3/0.1 multipoint

no ip route-cache

1/50

encapsulation aal5snap

protocol pppoe group one

Router# show pppoe session

1 session in LOCALLY_TERMINATED (PTA) State

1 session total

Uniq ID PPPoE RemMAC Port VT VA

State

SID LocMAC VA-st

8 8 000b.fdc9.0001 ATM3/0.1 1 Vi2.1

PTA

0002.0002.0002 VC: 1/50 UP

LocMac(Mac address of PPPoEoA session) is mac-address specified on bba-group one
(0002.0002.0002)

PPPoE Session Recovery After Reload: Example

The following example shows how the router attempts to recover failed PPPoE sessions in the ATM range called "range-pppoe-1":

Note L2TP is not supported on the Cisco 7600 router in Cisco IOS Release 12.2(33)SRC.

•If you want to configure the transfer upstream of the Point-to-Point Protocol over X (PPPoX, where X designates a family of encapsulating communications protocols such as pppoe, pppoa, pppoeoa, pppoeovlan implementing PPP), see the "Configuring Upstream Connections Speed Transfer" module.

RFCs

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

Feature Information for Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Releases 12.2(1) or 12.0(3)S or a later release appear in the table.

For information on a feature in this technology that is not documented here, see the "Configuring Broadband Access Aggregation Features Roadmap."

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.

Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

The following commands were introduced or modified: bba-group ppoe, mac-address.

Configuration Limit Removal and ATM Support

12.3(2)T

The Configuration Limit Removal and ATM Support feature provides two enhancements to PPP over Ethernet (PPPoE) over IEEE 802.1Q VLAN functionality:

•It removes the requirement for each PPPoE VLAN to be created on a subinterface. Removal of this requirement increases the number of VLANs that can be configured on a router from 1001 to 4000 VLANs per interface.

The PPPoA/PPPoE Autosense for ATMs feature enables a router to distinguish between incoming PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE) over ATMsessions and to create virtual access based on demand for both PPP types.

The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or virtual circuit during a specified period of time.

The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

The VLAN Range feature can be used to group VLAN subinterfaces so that any command entered in a group applies to every subinterface within the group. This capability simplifies configurations and reduces command parsing.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.